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1 Introduction 

Suppose that is a smooth projective variety over a finite field k. An 
important problem in arithmetical algebraic geometry is the calculation of 
the number of A;-rational points of V, \V{k)\. The work of Goppa [Uj and 
others have shown its importance in geometric coding theory as well. We 
refer to this problem as the counting problem. In most cases it is very 
hard to find an explicit formula for the number of points of a variety over a 
finite field. 

When the variety is a "Shimura variety" defined by certain group theoret- 
ical conditions (see ^ below), methods from non-abelian harmonic analysis 
on groups can be used to find an explicit solution for the counting problem. 
The Arthur-Selberg trace formula [S], provides one such method. Using the 
Arthur- Selberg trace formula, an explicit formula for the counting problem 
has been found for Shimura varieties, thanks primarily to the work of Lang- 
lands and Kottwitz ( |Lanlj . |Klj ) ^. Though it may be surprising and indeed 
very interesting that the trace formula allows one (with sufficient skill and 
expertise) to relate, when is a Shimura variety, the geometric numbers 
|l^(Fg)| to orbital integrals from harmonic analysis ( |Labj . for example), or 
to a linear combination of coefficients of automorphic forms ( |Gelj . for ex- 
ample), or even to representation-theoretic data ([Cas2 , for example), these 
formulas do not yet seem to be helping the coding theorist in any practical 
way that we know of. 

However, another type of application of the trace formula is very useful. 
Moreno jM] first applied the trace formula in the context of Goppa codes 
to obtaining a new proof of a famous result of M. Tsfasman , S. Vladut, T. 
Zink, and Y. Ihara. (Actually, Moreno used a formula for the trace of the 
Hecke operators acting on the space of modular forms of weight 2, but this 
can be proven as a consequence of the Arthur-Selberg trace formula, |DLj . 
§11.6.) This will be discussed below. We are going to restrict our attention 
in this paper to the interplay between Goppa codes of modular curves and 
the counting problem, and give some examples using MAGMA. In coding 
theory, curves with many rational points over finite fields are being used for 
construction of codes with some good specific characteristics. We discuss 
AG (or Goppa) codes arising from curves, first from an abstract general 
perspective then turning to concrete examples associated to modular curves. 

^For some introductions to this highly technical work of Langlands and Kottwitz, the 
reader is referred to Labesse |Lab| . Clozel and Casselman [Cas2| . 
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We will try to explain these extremely technical ideas using a special case 
at a level to a typical graduate student with some background in modular 
forms, number theory, group theory, and algebraic geometry. For an approach 
similar in spirit, though from a more classical perspective, see the book of C. 
Moreno [Ml- 

2 Shimura curves 

In this section we study arithmetic subgroups, arithmetical quotients, and 
their rational compactifications. Ihara first introduced Shimura curves, a 
rational compactification of r\EI where F is a particular discrete subgroup, 
from a classical perspective. We shall recall them from both the classical and 
group-theoretical point of view. The latter perspective generalizes to higher 
dimensional Shimura varieties |Delj . 

2.1 Arithmetic subgroups 

We assume that G = SL{2) is the group of 2 x 2 matrices with entries from 
an algebraically closed field Q. In particular the group of i?-points of SL{2) 
for a subring i? C f2, with unit element 1 is defined by 



where M(2, R) is the space of 2 x 2 matrices with entries from R. We now 
define congruence subgroups in SL{2,Z). Let SL{2,Z) be the subgroup of 
SL{2,'R) with integral matrices. Consider a natural number N, and let 



We note that the subgroup F(A^) is a discrete subgroup of SL{2,M), which 
is called the principal congruence subgroup of level N. Any subgroup of 
SL{2,Z) that contains the principal congruence subgroup is called a congru- 
ence subgroup. 

In general an arithmetic subgroup of SL{2,'R) is any discrete subgroup F 
that is commensurable with SL{2,'Z), where commensurability means that 
the intersection F fl S'L(2,Z) is of finite index in both F and S'L(2,Z). The 
group F(A^) has the property of being commensurable with SL{2, Z). 



SL{2,R) = {geM{2,R) \ det(^7) = 1}, 
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2.2 Riemann surfaces as algebraic curves 

Let us recall that the space M — {z E C \ Im{z) > 0} is called the Poincare 
upper half plane. This space plays fundamental role in the definition of the 
modular curves. Note that the group SL{2, M) acts on H by 



g ■ z = {az + h) {cz + d) ^ 



az + b 
cz + d' 



where z eM, g 



a b 
c d 



e SL{2, : 



We emphasize that the action of SL{2,'E.) on HI is transitive, i.e., for 
any two points Wi,W2 G H there is an element g G SL{2,M.) such that 
W2 = g ■ Wi. This can easily be proved. We also emphasize that there are 
subgroups of SL(2, M) for which the action is not transitive, among them the 
class of arithmetic subgroups are to be mentioned. For example, the group 
SL{2, Z) docs not act transitively on H, and the set of orbits of the action 
of SL{2, Z) on H, and similarly any arithmetic subgroup, is infinite. We call 
the arithmetic quotient r\M the set of orbits of the action of an arithmetic 
subgroup r on H. 

Example 1 Take T to be the Hecke subgroup Tq{N) defined by 



ro(iv) 



a b 
c d 



e SL{2,Z) I c = 0(mod7V) } , 



for a natural number N. This is a congruence subgroup andYo{N) — ro{N)\M 
is an arithmetic quotient. Such a quotient is not a compact subset, nor 
a bounded one, it is however a subset with finite measure (volume) under 
the non-Euclidean measure induced on the quotient from the group SL{2, M) 
which is a locally compact group and induces the invariant volume element 
where x, y are the real and the complex part of an element z eM. 

We now recall the basic ideas that turns an arithmetic quotient of the 
form r\H[ into an algebraic curve. Let F C SL{2, Q) be an arithmetic sub- 
group. The topological boundary of H is M and a point oo. For the rational 
compactification of H we do not need to consider all the boundaries M and 
{oo}. In fact we need only to add to EI the cusps of F (a cusp of F is 
a rational number (an element of Q) that is fixed under the action of an 
element 7 with the property that |ir(7)| = 2). Any two cusps Xi,X2 such 
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that S ■ X2 = Xi for an element 5 G F are called equivalent. Let C(r) be 
the set of inequivalent cusps of T. Then C{T) is finite. We add this set to 
EI and form the space H* = EI U C(r). This space will be equipped with 
certain topology such that a basis of the neighborhoods of the points of H* 
is given by three type of open sets; if a point in H* is lying in HI then its 
neighborhoods consists of usual open discs in H, if the point is oo, i.e., the 
cusp oo, then its neighborhoods are the set of all points lying above the line 
Im{z) > a for any real number a, if the point is a cusp different than oo 
which is a rational number, then the system of neighborhoods of this point 
are the union of the cusp and the interior of a circle in EI tangent to the 
cusp. Under the topology whose system of open neighborhoods we just ex- 
plained, EI* becomes a Hausdorff non-locally compact space. The quotient 
space r\lHI* with the quotient topology is a compact Hausdorff space. We 
refer to this compact quotient as the rational compactification of r\IHI. 
For a detailed discussion we refer the reader to |Shimj . 

When the arithmetic group is a congruence subgroup of SL{2, Z) the 
resulting algebraic curve is called a modular curve. For example, the ra- 
tional compactification of Y{N) = F(A^)\EI is denoted by X{N) and the 
compactification of Yq{N) = Fo(iV)\H by Xo(A^). 

Example 2 Let N = 1. Then F = F(l) = SL{2,Z). In this case C(F) = 
{oo}, since all rational cusps are equivalent to the cusp oo. SoM* = ElU{cxo}, 
and F\1HI* will be identified by F\EI U {oo}. This may be seen as adding oo 
to the fundamental domain Fi = F of SL{2,Z), that consists of all complex 
numbers in z with \z\ > 1 and \Re{z)\ < ^. 

The rational compactification of F\IHI turns the space F\EI* into a compact 
Riemann surface (cf. |Shimj ) and so into an algebraic curve (cf. jNaraj, or 

ISSI). 

In general it is easiest to work with those arithmetic subgroups which 
are torsion free and we shall assume from this point on that the arithmetic 
subgroups we deal with have this property. For example F(iV) and Fo(iV) 
for > 3 are torsion free. 

2.3 An adelic view of arithmetic quotients 

Consider the number field Q, the field of rational numbers. Let Qp be the 
completion of Q under the p-adic absolute value where \a/b\p = 
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whenever a, h arc integers and a/h = TI^^p prime ^'^'^i ^' ^ ^- R-^call that 
under the ordinary absolute value the completion of Q is M. The ring of 
adeles of Q is the locally compact commutative ring A that is given by: 

^ — {(3^00, 3^2, • ■ ■ ) ^ ^ ^ n I but a finite number of Xp e Zp}, 

p 

where Zj, is the ring of integers of Qp (as it is well known Zp is a maximal 
compact open subring of Qp). An element of A is called an adele. If Kf 
denotes the set of adeles omitting the R-component Xoo, then A/ is called the 
ring of finite adeles and we can write A = 3DM x Ay. Under the diagonal 
embedding Q is a discrete subgroup of A. 

We now consider the group G — GL{2). For a choice of an open compact 
subgroup Kf C G{Af), it is known that we can write the arithmetic quotient 
(which was originally attached to an arithmetic subgroup of F C SL[2,Q)) 
as the following quotient 

Y{Kf) = G(Q)\[H X {G{Af)/Kf)] = r\H, (1) 

where 

F = G{Q) n G{R)Kf. (2) 

Thus our arithmetic subgroup F is completely determined by Kf. From now 
on we assume Kf has been chosen so that F is torsion free. 

Definition 3 Let G — GL{2) . ToG is associated the Shimura variety Sh{G) 
as follows. Let N > 3 be a natural number. Let r{N) be the congruence 

subgroup of level N of SL{2,'L), and K = 50(2, M) the orthogonal group of 
2x2 real matrices A with determinant 1 satisfying *AA — I2. Then 

Y{N) = r{N)\m ^ r{N)\G{R)/K. 

We call this the modular space of level N. Let 

Kf{N) ^ {g e GillZp) \ g = h{modN)} 
p 

be the open compact subgroup of G{Af) of level N. Then the modular 
space of level N can be written as: 

Y{N) = G{Q)\G{A)/KKf{N) = G(Q)\[M x {G{Af)/Kf{N))]. 
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Thus 

X{Kf{N)) = Y{N). 

Taking the projective limit over Kf{N) by letting N gets large (which means 
Kf{N) gets small), we see that liraN Y{N) = G(Q)\[EI x G(A/)]. Then the 
(complex points of the) Shimura curve Sh{G) associated to G = SL{2) is 
defined by 

Sh{G){C) = G(Q)\[H X G{Af)]. (3) 

Many mathematicians have addressed the natural questions 

• What field are the curves X(A^), Xq{N) defined over? 

• How can they be described explicitly using algebraic equations? 

Regarding the first question, by the general theory of Shimura varieties 
we know that for each reductive group G defined over Q satisfying the axioms 
of §2.1.1 in |Delj . there is an algebraic number field E = Eq over which a 
Shimura variety Sh{G) is defined |Delj . In fact, the Shimura curves X[N) 
and Xq{N) are regular schemes proper over Z[l/A^] (more precisely over 
Spec{Z[l/N])) 2. 

Regarding the second question, it is possible to find a modular polyno- 
mial H]\f{x,y) of degree 

= AT n(i + 1) 

p\N ^ 

for which H]\f{x,y) = describes (an affine patch of) Xq{N). Let 
G,{q) = 2 Cik) + 2 Yl ^'^-iH^"' 

^ ' n=l 

where q = e^'^*^, z G H, ar{n) = J2d\n i ^'^^ 

oo 

A(g) = m^G,{qf - 27 ■ im^G,{qf = qX{{l- 

n=l 

^This result was essentially first proved by Igusa |lg| (from the classical perspective). 
See also |TV| . Theorem 4.1.48, |Casl| for an interesting discussion of what happens at the 
"bad primes", and Deligne's paper in the same volume as j("asl| . 
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Define the j-invariant by 



j(g) = l728-60^Gi{qf/A{q) = g"i+744+196884g+21493760gV864299970g^+. 

(More details on A and j can be found for example in jShimj .) The key 
property satisfied by Hjy is Hj^{j{q), j{q^)) = 0. It is interesting to note 
in passing that when is such that the genus of Xq{N) equals (i.e., 

G {1, 3, 4, 5, 6, 7, 8, 9, 12, 13, 16, 18, 25} [Kij) then this implies that (x, y) = 
{j{q), j{q^)) parameterizes Xo{N). In general, comparing g-coefficients al- 
lows one to compute for relatively small values of N. (The MAGMA 
command ClassicalModularPolynomial'^ computes this expression. How- 
ever, even for A^ = 11, some of the coefficients can involve one hundred digits 
or more. The cases A^ = 2, 3 are given in Elkies |Elj . for example. The paper 
by P. Cohen |Coj determines the asymptotic size of the largest coefficient 
of i^AT (normalized to have leading coefficient equal to 1). She shows that 
the largest coefficient grows like A^^^(^), where c > is a constant. More 
practical equations for (some of) the Xq{N) are given in T. Hibino and N. 
Murabayashi |HMj . M. Shimura jShimMj . J. Rovira [R], G. Frey and M. 
Miiller |FMl, Birch jB], and the table in §2.5 below. 

For deeper study of Shimura varieties and the theory of canonical models 
we refer the reader to |Delj . |Lan2j . and jShimj . 



2.4 Hecke operators and arithmetic on Xq{N) 

In this section we recall some well-known though relatively deep results on 
Xq{N){¥p), where p is a prime not dividing A^. These shall be used in the 
discussion of the Tsfasman, Vladut, Zink, and Ihara result later. 

First, some notation: let S'2(ro(A^)) denote the space of holomorphic au- 
tomorphic forms of weight 2 on ro{N)\H. Let Tp : S2{To{N)) S2(To{N)) 
denote the Hecke operator defined by 

p-i , • 
Tpf{z) = f{pz)+Y,fi^), ^^H. 

1=0 ^ 

Define Tpk inductively by 

Tpk = Tpk-lTp — pTpk-2, Tl = 1, 

■^See also CcinoiiicalModularPolynoinial and AtkinModularPolynomial, 
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and define the modified Hecke operators Upk by 

Upk — — Tpk pTpk — 2^ Up —— Tp^ 

for k > 2. Tlie Hecke operators may be extended to tlie positive integers by 
demanding tliat tliey be multiplicative. 

Theorem 4 ("Congruence relation" of Eichler-Shimura fl^ . ^5.6.7, or 
Let q = p'' , k > an integer. If p is a prime not dividing N then 

TriTp)=p + l-\Xo{N){¥p)\. 

More generally, 

TT{T,-pT^,p2) = g + 1 - |Xo(iV)(F,)|. 

Example 5 One may try to compute the trace of the Hecke operators Tp 
acting on the space of holomorphic cusp forms of weight 2, S'2(ro(A^)), by 
using either the Eichler-Shimura congruence relation, which we give below 
(see Theorem^, or by using some easier but ad hoc ideas going back to Hecke 
which work in special cases. One simple idea is to note that 5'2(ro(iV)) is 
spanned by simultaneous eigenforms of the Hecke operators (see for example. 
Proposition 51 in chapter III of }Kof }. In this case, it is known that the 
Fourier coefficient ap, p prime not dividing N, of a normalized (to have 
leading coefficient ai = I) eigenform is the eigenvalue ofTp (see for example. 
Proposition 40 in chapter III of \Kc^ ). If S2{To{N)) is one- dimensional then 
any element in that space f{z) is such an eigenform. 

The modular curve Xo(ll) is of genus 1, so there is (up to a non-zero 
constant factor) only one holomorphic cusp form of weight 2 in 5'2(ro(ll)) 
(see Theorem{^ below). There is a well-known construction of this form (see 
10^ or ICeHf . Example 5.1), which we recall below. As we noted above, the 
p-th coefficient ap (p a prime distinct from 11) of its Fourier expansion is 
known to satisfy ap = Tr(Tp). These will be computed using MACMA. 

Let q = e^'^*^, z eM., and consider Dedekind's ?]-function.- 

oo 

v{z) = e'-^^/''l[{l-qn. 

n=l 

Then 

oo 

f{z) = v{z)'^{llzfq - q"f{l - g"")', 

n=l 
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is an element o/S'2(ro(ll)) One can compute the q-expansion of this form 
using MAGMA's ModularForms(GainmaO(ll) ,2) command: 

f{z) = q - 2q^ - + 2q^ + + 2q^ - 2q\.. 

For example, the above expansion tells us that Tr{T^) = Tr{U^) = — 1. The 
curve Xo(ll) is of genus 1 and is isogenous to the elliptic curve E with 
Weierstrass model + y = — . Over the field with p = 3 elements, there 
are |Xo(ll)(F3)| = p + 1 — Tr{Tp) = 5 points in E{¥3), including oo: 

E(F3) = {[0,0],[0,2],[l,0],[l,2],oo}. 

(For this, one uses the commands F:=GF(3) ; P<x> : =PolynoinialRing(F) ; 
f :=x~3-x~2;h:=l; C : =HyperellipticCurve (f , h) ;Places(C, 1) ; 

For a representation-theoretic discussion of this example, see \Gel^ . §i^. 

For an example of an explicit element of S'2(ro(32)), see Koblitz IKof . 
chapter II §5 and (3.40) in chapter III. For a remarkable theorem which 
illustrates how far this rj-function construction can be extended, see Morris' 
theorem in %2.2 of Ffi) /. 

To estimate a^fc, one may appeal to an explicit expression for Tr{Tpk) 
known as the "Eicliler-Selberg trace formula", which we discuss next. 



2.5 Eichler-Selberg trace formula 

In this subsection, we recall the version of the trace formula for the Hecke 
operators due to Dufio-Labesse |DLj . §6. 

Let k be an even positive integer and let F be a congruence subgroup as in 
Let S denote a complete set of representatives of G'(Q)-conjugacy classes 
of M-elliptic elements in F (M-elliptic elements are those that are conjugate to 
an element of 5*0(2, M), the orthogonal group). For 7 G 5, let 1^(7) denote 

the cardinality of the centralizer of 7 in F. If r(9) = ( *"°^'''?L ^^'^Im I 

' \ -sm(6') cos(6') J 

Hn fact, if we write f{z) = J2^=i an?" then 

p#ii 



is the global Hasse-Weil zeta function of the elliptic curve E of conductor 11 with Weier- 
stass model y'^ + y = — x"^ [Gel, . page 252. 



2 SHIMURA CURVES 



11 



then let 6^ G (0, 27r) denote the element for which 7 = r{9^). Let denote 
the image in G{Af) of the set of matrices in GL[2,Af) having coefficients 
in Z = np<oo determinant in mZ. Consider the subspace Sk(T) C 

L'^{r\H) formed by functions satisfying 

. fi^z) = {cz + d)'f{z), for all 7 = ( ^ J ^ G T, x G i/, 

• / is a holomorphic cusp form. 

This is the space of holomorphic cusp forms of weight k on H. 
Let 



and let 



1, m is a square, 

0, otherwise. 

1, i = J, 
0, otherwise. 



Theorem 6 ( "Eichler-Selberg trace formula") Let k > be an even integer 
and m > an integer. The trace of acting on Sk{T) is given by 

Remark 7 Let k = 2,m = p'^,T = ro(A^) and N —>■ 00 in the above 
formula. It is possible to show that the Eichler-Selberg trace formula implies 

Tr{T,2)=g{X,{N)) + 0{l), (4) 

as N —>■ 00. The proof of this estimate (see ^M], chapter 5, or ILvdC^ . 

uses the explicit formula given below for g{XQ{N)) = dim(5'2(ro(iV)), which 

we shall also make use of later. 

Theorem 8 ("Hurwitz-Zeuthen formula" IShimJ^ ) ^ The genus of Xq{N) is 
given by 

g{Xo{N)) = dim(^2(ro(iV)) = 1 + ^/.(iV) - ^f^,{N) - i/i3(iV) - f^^iN), 



^The genus formula for Xo{N) given in |Shim| and |Kn| both apparently contain a 
(typographical?) error. The problem is in the fj,2 term, which should contain a Legendre 
symbol (^) instead of (^). See for example IEi| for a correct generalization. 
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where 

/i(iV) = [SL{2, Z)/ro(iV)] = AT J](l + 1 



p\N ^ 



np|^pnme(l + (f)), gcd{A,N) = l, 

0, 4|iV, 



/^3(iV) 

and 



Y\p\N pnme(l + (f )). ^?crf(2, N) = 1 and <7crf(9, N) + 9, 
0, 2|A^ or 9|A^, 



d\N 

•where zs Euler's totient function and (-) Legendre's symbol. 

The estimate anc? the Eichler-Shimura congruence relation imply 

\Xo{N){¥,2)\ = p2 + 1 _ Tr{T,2 - pi) = + 1 - Tr{T^.) + p ■ dim(52(ro(iV)) 
= p2 + 1 - (^(Xo(iV)) + 0(1))) + p • g{Xo{N)) 
= {p-l)giXo{N)) + 0{l), 

as N ^ oo. 

2.6 The curves Xq{N) of genus 1 

It is known (see for example |iKn j) that a modular curve of level A^, Xq{N), 
is of genus 1 if and only if 

G {11, 14, 15, 17, 19, 20, 21, 24, 32, 36, 49}. 

In these cases, Xq{N) is birational to an elliptic curve E having Weierstrass 
model of the form 

y'^ + aixy + a-^y = + a2X^ + a^x + oe. 



with 01,02,03,04,06- If E is of above form then the discriminant is given 

by 

A = -hlh - Sbl - 27bl + 962&4&6, 

where 



b2 = al + 4o2, 64 = 204 + O1O3, be = al + Aqq, 
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level 


discriminant 


Weierstrass model 


reference 


11 


-11 


y"^ + y = — x"^ 


[BKJ, table 1, p. 82 


14 


-28 


y'^ + xy — y = x^ 


p. 391, table 12.1 of jlij 


15 


15 


y"^ + 7 xy + 2y = x^ + Ax"^ + X 


p. 65, table 3.2 of [Kil 


17 


17 


y"^ + 3 xy = x^ + X 


p. 65, table 3.2 of [Kil 


19 


-19 


y"^ + y = x^ + x^ + X 


[BK , table 1, p. 82 


20 


80 


y"^ = x^ + x"^ — X 


p. 391,^ table 12.1 of pOl] 


21 


-63 


y"^ + xy = x^ + X 


p. 391, table 12.1 of [KnJ 


24 


-48 


y"^ = x^ — x"^ + X 


p. 391, table 12.1 of ^ 


27 


-27 


y"^ + y = x^ 


p. 391, table 12.1 of jKij 


32 


64 


y = X — X 


p. 391, table 12.1 of |KiI 


36 




(see below) 


§4.3 in [El 


49 




(see below) 


§4.3 in H 



Table 1: Models of genus 1 modular curves 



fog = a^a^ -\- 20206 — 010304 -|- 02O3 — 04. 

The conductor ^ N oi E and its discriminant A have the same prime factors. 
Furthermore, A^|A ([Knl, [HeT] ). 

Some examples, which we shall use later, are collected in the following 
table. 

When = 36, §4.3 in Rovira [HI gives y"^ = x^ — 4x^ — 6x^ — Ax + 1, 
which is a hyperelliptic equation but not in Weierstrass form. To put it in 
Weierstrass form, we use j.MAGMAj '^. This produces the cubic equation y"^ + 
(x^ -|- l)y = x^ — 2x'^ + x, provided p ^ 2. This has conductor A = —1769472. 
When N = 49, §4.3 in Rovira (E] gives y"^ = x^ - 2x^ - 9x'^ + lOx - 3, 
which is a hyperelliptic equation but not in Weierstrass form. As before, 
MAGMA produces a cubic equation in which the coefficient of x^ is not one, 
y"^ + {—x"^ — X — l)y = —x^ — 3x^ -|- 2x — 1. The change-of- variable x 1 — > —x 
produced the Weierstrass form y"^ + (— — x — l)y = x^ — Sx"^ — 2x — 1. This 
has conductor A = -1404928. 

^The conductor is defined in Ogg [Oil, but see also [Hill, §1-2, or "En , P. 390. 
''More precisely, we use the ReducedMinimalWeierstrassModel command over the 
field Q. 
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3 Codes 

To have an idea of how the points of a curve over finite fields are used in the 
coding theory we first recall the definition of a code. 

Let A be a finite set, which we regard as an alphabet. Let A" be the 
n-fold Cartesian product of A by itself. In we define the Hamming 
metric d{x, y) by: 

d{x,y) = d{{xi, ■ ■ ■ ,Xn), (z/i, • • • ,?/n)) := \{i \ Xi ^ yi}\. 

We now assume that A" is equipped with the Hamming metric. Then by 
definition a subset C C A" is called an |A|-ary code. An important case 
arises when we let A to be a finite field. Suppose that q = p"^ and is a finite 
field with q elements. In this case we may put A = ¥q and y = (0, ■ ■ ■ , 0). 
Then the weight of x is the Hamming length = d{x,0) = \{i \ Xi ^ 
0}|. In particular a subset C of F^^ is a code, and to it is associated two 
basic parameters: k — log^|C|, the number of information bits and 
d = min{\\x — y\\ \ x,y & C,y ^ 0} the minimum distance. (A code with 
minimum distance d can correct [^^] errors.) Let 

n 

which measures the information rate of the code, and 

5 = 5{C) = -, 

n 

which measures the error correcting ability of the code. 
3.1 Basics on linear codes 

If the code C C F^ is a vector space over F^ then we call C a linecO" code. 
The parameters of a linear code C are 

• the length n, 

• the dimension k = dimF^(C), 

• the minimum distance d. 
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Such a code is called an (n, k, d)-code. Let Eg denote the set of all (5, R) G 
[0, 1]^ such that there exists a sequence Ci, i = 1,2, of (n^, ki, (ij)-codes for 
which linij^oo = ^ and linij^oo -Ri = R- 

The following theorem describes information-theoretical limits on how 
"good" a linear code can be. 

Theorem 9 (Manin ISS^ . chapter 1) There exists a continuous decreasing 
function 

a,: [0,1] ^[0,1], 

such that 

• aq is strictly decreasing on [0, ^-^]; 

• «,(0) = 1, 

• if^<x<l then aq{x) = 0, 

• = G [0,1]2 I 0<R<aq{5)}. 

Not a single value of aq{x) is known for < a; < It is not known 
whether or not the maximum value of the bound, R = aq{6) is attained by a 
sequence of linear codes. It is not known whether or not aq{x) is differentiable 
for < X < nor is it known if q;„(x) is convex on < x < ^— However, 
the following estimate is known. 

Theorem 10 ( Gilbert- Varshamov IMSf . ISSf chapter 1) We have 

aq{,x) > 1 - X logg(g - 1) - X logg(x) - (1 - x) logg(l - x). 

In other words, for each fixed e > 0, there exists an {n,k,d)-code C (which 
may depend on e) with 

R{C)+6{C) > 1-6{C) log,(i-l)-5(C) logg(5(C))-(l-5(C)) \og^{l-6{C))-e. 

The curve {6,1-6 \og^{^) - 6 \ogq{6) -{1-6) logg(l -6))) is called the 
Gilbert- Varshamov curve. This theorem says nothing about constructing 
codes satisfying this property! Nor was it known, until the work of Tsfasman, 
Valdut, Zink and Ihara, how to do so. 
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3.2 Some basics on AG codes 

We begin with Goppa's basic idea boiled down to its most basic form. Let 
R denote a commutative ring with unit and let mi, m2, m„ denote a finite 
number of maximal ideals such that for each 1 < i < n, we have R/rrii = ¥g. 
Define 7 : ^ by 

7(x) = (x + mi, x + 1712, ■■■,x + m„), x E R. 

Of course, in this level of generality, one cannot say much about this map. 
However, when R is associated to the coordinate functions of a curve defined 
over ¥g then one can often use the machinery of algebraic geometry to obtain 
good estimates on the parameters {n, k, d) of the code associated to 7. 

Let V be an irreducible smooth projective algebraic variety defined over 
the finite field F^. Let ¥q{V) denote the field of rational functions on V. Let 
V{y) denote the set of prime divisors of V , which we may identify with the 
closed irreducible subvarieties of V{¥p) of codimension 1. For each P e ViV), 
there is a valuation map ordp : ¥q{V) Z (see Hartshorne |Haj . §11.6, page 
130). Let Viy) denote the group of divisors of V, the free abelian group 
generated by V{V). 

If y4 = Yip (^pPj B = Yp ^ ^(^) divisors then we say A < B 
if and only if ap < hp for all P G ViV). If / G ¥q{y) is a non-zero function 
then let 

div{f)= Yl o^Mf)P. 

where ordp{f) is the order of the zero (pole) at P (as above). This is well- 
defined (since the above sum is finite by Lemma 6.1 in |Haj . §11.6, page 131). 
For B e V{V), define C{B) = H^{V, Op) to be the Riemann-Roch space 

C{B) = {0} U {/ G F,(y) 1/^0, divU) > -B}. 

Pick n different points Pi,P2,...,Pn in V(¥g), let D = P^ + ... + 
and choose a divisor G = Yp£V(v)^pB ^ '^(Y) disjoint from these points 
(i.e., no Pi is a point on the codimension one subvariety P in G). It is not 
necessary for G to be rational. The Goppa code or AG code associated to 
{V(¥g), D, G) is the linear code G = G{G, D, V) defined to be the subspace 
of Fg which is the image of the map 



7 : C{G) ^ F^, 



(5) 
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defined by 7(/) = (/(Pi), /(P„)). (In the case of curves, tliis code is 
called the dual Goppa code or Goppa function code in Goppa gave 
another geometric construction of codes using differentials for which we refer 
the reader to [P] or |TVj . In other parts of the literature, the term "Goppa 
code" refers to an earlier construction of Goppa using rational functions.) 
To specify an AG code, one must 

• choose a smooth variety V over ¥q, 

• pick rational points Pi, P2, Pn of V, 

• choose a divisor G disjoint from the Pj's, 

• determine a basis for C{G), 

• compute the matrix for 7 wth respect to this basis. 
3.3 Some estimates on AG codes 

Let g be the genus of a curve V = X and let C = C{G, D, X) denote the 
Goppa code as constructed above. If G has parameters [n, k, d] and if we 
then the following lemma is a consequence of the Riemann-Roch theorem. 

Lemma 11 Assume G is as above and G satisfies 2g — 2 < degiG) < n. 
Then k = dim{G) = deg{G) — g + 1 and d > n — deg{G). 

Consequently, k + d>n — g + 1. Because of Singleton's inequality®, we 
have 

• if (7 = then G is an MDS code, 

• if g = 1 then n<k + d<n + l. 

The previous lemma also implies the following lower bound. 

Proposition 12 (jSSJ ^3.1, or 'TV/j With G as in the previous lemma, we 
haveS + R=^ + ^>l-^. 

n n — n 

*It is known that n > d + fc — 1 for any linear (n, k, (i)-code (this is the Singleton in- 
equality), with equality if and only if the code is a so-called MDS code (MDS=minimum 
distance separable). 
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Theorem |H1 above is an explicit formula for the genus of the modular 
curve Xq{N). It may be instructive to plug this formula into the estimate 
in Proposition to see what we get. The formula for the genus Qn of 
Xo{N) is relatively complicated, but simplifies greatly when iV is a prime 
number which is congruent to 1 modulo 12, say = 1 + 12m, in which case 
qn = rn — 1. For example, gis = 0. In particular, we have the following 

Corollary 13 Let X = Xq{N), where N is a prime number which is con- 
gruent to 1 modulo 12 and which has the property that X is smooth over Fg. 
Then the parameters [n, k, d] of a Goppa code associated to X must satisfy 

d hj 2 

- + - > 1 - — . 

n n n 

Based on the above Proposition, if one considers a family of curves Xj 
with increasing genus gt such that 

lim^i(M.„ (6) 

i^oo gi 

one can construct a family of codes Cj with 6{Ci) + R{Ci) > 1 — -. It is 
known that a < ^Jq — 1 (this is the so-called Drinfeld-Vladut bound, 
iTVl. Theorem 2.3.22). 



The following result says that the Drinfeld-Vladut bound can be attained 
in case q = p^. 

Theorem 14 (Tsfasman, Valdut, Zink ITV^ . Theorem 4- 1-52) Let g^ de- 
note the genus of Xq{N). If N runs over a set of primes different than p 
then the quotients gN/\XQ{N)(¥p2)\ associated to the modular curves Xq{N) 

tend to the limit ^— . 

p-i 

More generally, if g = p'^'', then there is a family of Drinfeld curves Xi 
over ¥g yielding a = y/q — l ( |TVj . Theorem 4.2.38, discovered independently 
by Ihara [Tj at about the same time). In other words, the Drinfeld-Vladut 
bound is attained in case q = p^^. 

As a corollary to the above theorem, if p > 7 then there exists a sequence 
of Goppa codes Gn over Fp2 associated to a sequence of modular curves 
Xq{N) for which {R{Gn), S{Gn)) eventually (for suitable large N) lies above 
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the Gilbert- Varshamov bound in Theorem 221 This follows from comparing 
the Gilbert-Varshamov curve 

{6, 1 - 6\og/—^) - 51og,(5) -{1-6) log,(l - 6))) 
with the curve {6, 1 = P^- 

4 Examples 

Let C be an elliptic curve. This is a projective curve for which C(Fq) has 
the structure of an algebraic group. Let Pq G C(Fq) denote the identity. Let 
Pi, P2, Pn denote all the other elements of C{¥g) and let A = aPo, where 
< a < n is an integer. 

Example 15 Let C denote the elliptic curve of conductor 32 (and birational 
to Xo{32)) with Weierstrass form y"^ = — x. If p is a prime satisfying 
p = 3 (mod 4) then 

\Ci¥p)\=p + l 

(Theorem 5, ^18.4 in Ireland and Rosen UR^ )- LetC(¥p) = {Pq, Pi, P2, Pn} , 
where Pq is the identity, and if A = kP^, for some k > 0. The parameters 
of the corresponding code G = G{A, P, C) satisfy n = p, d + k > n, since 
g = 1, by the above Proposition. As we observed above, an AG code con- 
structed from an elliptic curve satisfies either d + k — l = n (i.e., is MDS) or 
else d + k = n. The result of Shokrollahi below implies that if, in addition, 
p > 3 or k > 2 then G is not MDS and 

n = p, d + k = p. 

The following result is an immediate corollary of the results in |Shj . see 
also §5.2.2 in |TVj . 

Theorem 16 (Shokrollahi) Let G, Pq, Pi, Pn, D, A, be as above. 

• If a = 2 and G{¥q) = G2 x G2 (where Gn denotes the cyclic group of 
order n) then the code G{A,D) is a [n,k,d]-code (n is the length, k is 
the dimension, and d is the minimum distance) with 

d = n — k + 1, and k = a. 
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• Assume gcd{n, a!) = 1. If a ^2 orC{¥q) is not isomorphic to the Klein 
four group C2 x C2 then G{A,D) is a [n,k,d]-code (n is the length, k 
is the dimension, and d is the minimum distance ) with 

k = a 

and weight enumerator polynomial (see for example JMBl for the defi- 
nition) 

Wg{x) = a:" + ( ^ ) (^""^ - - 1)^ + Ba{x - l)^ 
where Ba is given in \Sh^ and %3,2,2 in \T\^ . 

4.1 Weight enumerators of some elliptic codes 

In the case where E is given by the level 19, discriminant —19 Weierstrass 
model 

+ y = x^ + x^ + X, 

and p = 13, we have 

F(W \ = [O'O]' ^2]' [1'6], [3,0], [3, 12], [4,2], [4, 10], [5,3], [5,9], 

""^^^^ [8, 3], [8, 9], [9, 0], [9, 12], [11, 4], [11, 8], [12, 3], [12, 9]} " 

Write E(¥p) = {Pq, Pi, Pn}, where Pq denotes the identity element of the 
group law for E, let A = kPo, and let D = Pi + ... + Pn. The hypotheses of 
the above theorem are satisfied when we take n = 17 and 2 < k = a < 17. 
The above construction associates to this data a Goppa code G = G{A, D, E) 
which is a 7-error correcting code of length n = 17 over F13. Some of the 
weight enumerator polynomials Wq and the number of errors these codes G 
can correct are given in the following table. 

These were computed using MAGMA commands such as the following. 

F:=GF(13) ; 

P<x> : =PolynomialRing(F) ; 
f :=x~3+x~2+x;h:=l; 
C:=HyperellipticCurve(f , h) ; 
Places(C,l) ; 



4 EXAMPLES 



21 







number of errors 


a = k 


weight enumerator Wq 


G corrects 


2 


a;!^ + 96a;2 + 12a; + 60 


7 


3 


+ 456a;3 + 264a;2 + 960a; + 516 


6 


4 


+ IGOSx^ + 1728a;=^ + SOlGx^ + 9684a; + 7524 


6 


5 


a;!^ + 4104x5 + 8040x^ + ... + 94644 


5 


6 


x^^ + 8232x6 + 24864x5 + ... + 1239540 


5 


7 


x^^ + 12984x^ + 57624x6 + ... + 16090116 


4 


8 


x^^ + 16272x8 + 103200x^ + ... + 209219292 


4 


9 


x^^ + 16176x'^ + 146136x8 + ... + 2719777524 


3 


10 


x^^ + 12912x^0 + 162600x'^ + ... + 35357193732 


3 



Table 2: weight enumerator polynomials of some elliptic codes 

Div := DivisorGroup(C) ; 

Pls:=Places(C,l) ; 

S: = [Pls[i] : i in [2. .#Pls]] ; 

m:=2; 

D := m*(Div!Pls[l]) ; 

AGC := AlgebraicGeometricCodeCS, D) ; 

Length (AGO ; 

Dimension(AGC) ; 

MinimumDistance(AGC) ; 

WeightEnumerator (AGC) ; 

The number of codewords of minimum weight n — A; is the coefficient of 
the second highest term in Wg{x). For example, when k — 3 the number of 
codewords of minimum weight n — k = 14 is 384. 

A smaller example using the same elliptic curve E as above: taking p = 3, 
we find that 

£;(Fp) = {[0,0],[0,2],[l,0],[l,2],[2,l],oo}. 

The hypotheses of the above theorem are satisfied when we take n — 5 and 
2 < A; = a < 5. The weight enumerator when a = 2 is 

Wg{x) =x5 + 4x^ + 2x + 2, 

and there are 4 codewords of minimum weight 3 in the corresponding elliptic 
(Goppa) code. This is a 1-error correcting code of length 5 (over F3) . 
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4.2 The generator matrix (apres des Goppa) 

Example 17 Consider the hyperelliptic curve^ X defined by y"^ 
over the field ¥p with p elements. It is easy to see that 



X 



C^(Fp) = {Poo,(0,0),(l,0),...,(p-l,0)} 

has exactly p + 1 points, including the point at infinity, Pqo ■ The automor- 
phism group of this curve is a two-fold cover of PSL{2,p) (see Gob \Gc^ for 
the algebraically closed case). 

Consider for example the case of p = 7. Let A = mPoo and D = Pi + 
... + P7 and let G denote the one-point Goppa code associated to X/¥j and 
these divisors A, D. These codes give rise to MDS codes in many cases. 

When m = 2, we obtain a [7, 2, 6] code with weight enumerator l + 42a;® + 
6x^. This code has automorphism group of order 252 and permutation group 
of order 42. When m = 4, we obtain a [7, 3, 5] code with weight enumerator 
1 + 126x^ + 84:X^ + 132x^. This code has the same automorphism group and 
permutation group. It has generator matrix in standard form 



1 2 5 1 5 
G = ( 1 1 5 5 2 
1 5 5 2 1 



and check matrix 



H 



/5621000\ 
2 2 2 1 
6 2 5 1 
\2560001/ 



The method used in Goppa's Fermat cubic code example of [G], pages 108- 
109, can be easily modified to yield analogous quantities for certain elliptic 
Goppa codes. 

Example 18 Let E denote the elliptic curve (of conductor N = 19) which 
we write in homogeneous coordinates as 



y^z + yz^ 



Q 2 2 

X + X Z + XZ 



^When p = 3 it is a model of a modular curve of level 32 (see Table 1). When p 
this example arises in the reduction of X(l) in characteristic 7 |E2| . 
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Let (f){x,y,z) = + y"^ + , let F denote the projective curve defined by 
z) = 0, and let D denote the divisor obtained by intersecting E and 
F. By Bezout's theorem, D is of degree 6. A basis for C{D) is provided by 
the functions in the set 

Bd = {1, x'^/(l){x, y, z),y^/(l){x, y, z), z^/(l){x, y, z),xy/(f){x, y, z),yz/(l){x, y, z)}. 

(This is due to the fact that dim C{D) — deg(L>) = 6 and the functions 
f e Bd "obviously" satisfy (/) > —D.) We have 



{ [0,0,1], [0,1,0], [0,1, 6], [1,0, 2], [1,0, 4], 
[1,3, 4], [1,3, 6], [1,5, 2], [1,5, 6] } 



E{¥,) = 

which we write as Pi, P2, Pg. Consider the matrix 












1 


1 


1 


1 


1 


1 





1 


1 








2 


2 


4 


4 


1 





1 


4 


2 


2 


1 


4 


1 

















3 


3 


5 


5 








6 








5 


4 


3 


2 











2 


4 


4 


6 


2 


6 



The first row of G gives the values of x^ /(f){x,y, z) at {Pi | 1 < i < 9}. 
The other rows are obtained similarly from the other functions correspond- 
ing to the basis elements of C{D): y"^ / (f){x , y , z) , z"^ /(f){x,y, z) , xy /(f){x,y, z) , 
yz/4>{x, y, z). Performing Gauss reduction mod 7 puts this in canonical form: 



100000044 
010000606 
1 1 3 4 

1 6 1 6 
1 1 3 5 
000001144 



so this code also has minimum distance ?>, hence is only 1-error correcting. 
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The corresponding check matrix is 



H 



012122100 
304643010 
3 1 3 1 2 3 1 



For an example of the generating matrix of a one-point elliptic code as- 
sociated to + = 1 over F4 has been worked out in several places (for 
example, see Goppa's book mentioned above, or the books |SSj . §3.3, jP], 
§§5.3, 5.4, 5.7, or §5.7.3). 



5 Concluding comments 

We end this note by making some comments: 

(1) The algebraic geometric relation between the number of points over 
a finite field for a variety is related to the Betti numbers. However, an 
equivalent notion of genus for higher dimensional varieties is the "arithmetic 
genus". Can one develop a relation between the number of points over finite 
fields of a variety and its arithmetic genus, useful in coding theory? 

(2) Can one construct "good" codes associated to the higher dimensional 
Shimura varieties? 
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